package com.donleo.security.controller;

import com.donleo.security.common.CommonResult;
import com.donleo.security.service.MyUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author liangd
 * date 2020-12-08 19:18
 * code
 */
@RestController
@RequestMapping("/user")
public class MyUserController {

    @Autowired
    private MyUserService myUserService;

    /**
     * . @PreAuthorize表示在方法执行前验证
     * . hasAuthority('wx:product:read')表示拥有改权限才能访问
     * @return
     */
    @PreAuthorize("hasAuthority('wx:product:read')")
    @GetMapping("/findAll")
    public CommonResult findAll(){
        return myUserService.findAll();
    }

    /**
     * .@PreAuthorize表示在方法执行后验证
     * @param id
     * @return 测试结果为403，表示没有权限访问
     */
    @PostAuthorize("hasAuthority('wx:product:readtest')")
    @GetMapping("/findById")
    public CommonResult findById(Integer id){
        return myUserService.findById(id);
    }
}
